Update readme with result information about the demo

2024-11-28 16:41:14 +01:00 · 2024-11-28 16:41:14 +01:00 · b3740e8989
commit b3740e8989
parent 7fe5124427
1 changed files with 37 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,37 @@
-# Rossum - Kyverno policy
+# Rossum - Kyverno policy demo
+
+This example assumes an existing and preconfigured access to k8s api server
+
+Provide environment variables in the workdir as defined in the `.envrc.example`
+
+`anydatacenter` directory represents a theoretical structure where the cluster would be located
+
+## Root modules
+- `anydatacenter/10-devops` is a terraform root module providing prerequisites for kubernetes resources
+
+- `anydatacenter/30-policy-demo` is a root module with deployments and policies to demonstrate automated topology spread of k8s pods
+
+The reason for split root modules comes from the chicken or the egg dilemma with kubernetes manifests and CRDs
+
+Because the kubernetes provider validates the manifests against CRDs during planning phase, it is not possible to do a single apply
+in which CRDs are installed and manifests are produced against those CRDs. Other solution would be using kubectl provider which is
+more error prone (opinionated statement) and using the kubernetes provider is preferred. This requires either a multi-apply
+approach (frowned upon!) or splitting root modules and applying one after another.
+
+## Policies
+
+Policies are deliberately limited to `rossum` namespace
+
+## Tests
+
+Kyverno tests are defined in the policy root module at [./anydatacenter/30-policy-demo/kyvernoPolicies/tests](./anydatacenter/30-policy-demo/kyvernoPolicies/tests)
+
+Execute with nix and devenv
+```sh
+tests
+```
+
+Execute with kyverno cli
+```sh
+kyverno test ./anydatacenter/30-policy-demo
+```